lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-12 08:21:54 +03:00
Code Activity
33,278 Commits 172 Branches 268 Tags
development
Commit Graph

2858 Commits

Author SHA1 Message Date
Jerry Yu
ea96ac3da9 fix various issues 
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:37 +08:00
Jerry Yu
3c2b21ed0e Enable multi max_early_data_size value for connections 
For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:56 +08:00
Xiaokang Qian
611c717c02 Sync the early_data option with internal parameters in ssl_client2 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 09:24:58 +00:00
Xiaokang Qian
f8fe11d14d Remove the generic file read functions and simply the early data read 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 07:40:50 +00:00
Xiaokang Qian
eaebedb30b Refine the detect code to enable early data or not 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:55:16 +00:00
Xiaokang Qian
b1db72923e Rename the generic read functions to ssl_read_file_text 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:33:38 +00:00
Xiaokang Qian
6c678d7543 Improve the comments of early data input 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:20:51 +00:00
Xiaokang Qian
70fbdcf904 Change early data flag to input file 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-05 05:50:08 +00:00
Gilles Peskine
6f8ca29ce4 Use the existing definition of __func__ 
Now that library is in the include path when compiling metatest.c, don't
duplicate the definition of __func__ from library/common.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-29 19:42:43 +01:00
Gilles Peskine
895ebc30f0 Protect against compiler optimizations 
GCC 5.4 optimized the write after poisoning (the surprising thing is that
11.4 doesn't).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-29 19:42:36 +01:00
Gilles Peskine
ef0f01fee6 Memory poisoning: meta-test writes as well as reads 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-29 19:42:36 +01:00
Gilles Peskine
e0acf8787d Port to platforms where printf doesn't have %zu 
Reuse the existing abstraction from include/mbedtls/debug.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-29 19:22:03 +01:00
Gilles Peskine
f5dd00288e Fix MSVC build failure 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-29 19:22:03 +01:00
Gilles Peskine
0bdb6dc079 Fix memory poisoning with Asan on arbitrary byte boundaries 
Asan poisons memory with an 8-byte granularity. We want to make sure that
the whole specified region is poisoned (our typical use case is a
heap-allocated object, and we want to poison the whole object, and we don't
care about the bytes after the end of the object and up to the beginning of
the next object). So align the start and end of the region to (un)poison to
an 8-byte boundary.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-29 19:22:03 +01:00
Gilles Peskine
d29cce91d0 Add memory poisoning framework 
While an area of memory is poisoned, reading or writing from it triggers a
sanitizer violation.

Implemented for ASan.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-29 19:22:03 +01:00
Janos Follath
c6f1637f8c Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction 
Make mutex abstraction and tests thread safe
 2023-11-29 13:26:23 +00:00
Tom Cosgrove
12d8b8eaba Merge pull request #8539 from tom-daubney-arm/add_test_script_psa_hash 
Add Demo Script for PSA Hash Program
 2023-11-27 12:13:18 +00:00
Paul Elliott
f25d831123 Ensure mutex test mutex gets free'd 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-11-23 18:49:43 +00:00
Dave Rodgman
8cd4bc4ac2 Merge pull request #8124 from yanrayw/support_cipher_encrypt_only 
Support the negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
 2023-11-23 17:43:00 +00:00
Paul Elliott
2e3f6902ed Merge pull request #8549 from gilles-peskine-arm/metatest-gcc-12 
Fix metatest.c with gcc-12 -Wuse-after-free
 2023-11-23 11:09:41 +00:00
Yanray Wang
690ee81533 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
Gilles Peskine
7a715c4537 Fix the build with gcc-12 -Wuse-after-free 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-21 13:42:40 +01:00
Jerry Yu
713ce1f889 various improvement 
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:25 +08:00
Jerry Yu
cf9135100e fix various issues 
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
3ff0b1fda3 Cleanup ticket negative tests. 
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d fix various issues 
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Gilles Peskine
6267dd59c8 Merge pull request #8463 from gilles-peskine-arm/metatest-create 
Create a metatest program
 2023-11-20 14:07:08 +00:00
Thomas Daubney
dd2a09a22b Introduce demo script for PSA hash program 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-11-16 18:45:55 +00:00
Matthias Schulz
70595f7983 Explicitly indicating when private fields are accessed in benchmark.c. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-16 17:43:58 +01:00
Matthias Schulz
3b9240bbd0 Alternative Timing compatible benchmark.c 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-16 17:39:43 +01:00
Matthias Schulz
aa7dffa24a Add benchmark for RSA 3072. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-16 15:31:32 +01:00
Gilles Peskine
2f40cc05f0 Improve explanations of what bad thing a metatest does 
Especially clarify the situation with respect to mutex usage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-16 15:13:38 +01:00
Gilles Peskine
ad2a17eb60 Uniformly use MBEDTLS_THREADING_C guards 
Since the code compiles with MBEDTLS_THREADING_C, not just with
MBEDTLS_THREADING_PTHREAD, use MBEDTLS_THREADING_C as the guard. The runtime
behavior is only as desired under certain conditions that imply
MBEDTLS_THREADING_PTHREAD, but that's fine: no metatest is expected to pass
in all scenarios, only under specific build- and run-time conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-16 15:09:48 +01:00
Manuel Pégourié-Gonnard
752dd39a69 Merge pull request #8508 from valeriosetti/issue6323 
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
 2023-11-14 11:39:06 +00:00
Gilles Peskine
cce0012463 Add documentation 
Explain the goals of metatests, how to write them, and how to read their
output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-10 15:36:15 +01:00
Gilles Peskine
ccb121500d Uninitialized read: make the pointer non-volatile rather than the buffer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-10 11:35:36 +01:00
Gilles Peskine
da6e7a2ac2 More consistent usage of volatile 
Fix MSVC warning C4090.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-10 10:09:27 +01:00
Valerio Setti
38e75fb1a7 ssl_server2: remove usage of mbedtls_cipher_info_from_string() 
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-10 08:27:39 +01:00
Gilles Peskine
d2fa698155 Strengthen against possible compiler optimizations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-09 21:46:24 +01:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function 
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function 
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 11:49:24 +08:00
Gilles Peskine
a1023e2bd6 programs/test/metatest indirectly includes library/common.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-06 20:33:19 +01:00
Gilles Peskine
4bc873f0a1 Add missing program to .gitignore 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-06 20:33:19 +01:00
Gilles Peskine
102aea2ba8 Add metatests for mutex usage 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-06 20:33:19 +01:00
Gilles Peskine
f0d5cf9a0c Don't use %llx in printf 
We still do MinGW builds on our CI whose printf doesn't support it!

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-06 20:33:19 +01:00
Gilles Peskine
a1dfa14c06 Fix cast from pointer to integer of different size 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-06 20:33:19 +01:00
Gilles Peskine
ee8109541a Don't cast a function pointer to a data pointer 
That's nonstandard. Instead, convert to an integer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-06 20:33:19 +01:00